Photo of William Matthews
William Matthews

Most recently, I've been playing with and learning about C++0x, the latest revision of C++. Bjarne Stroustrup's C++0x FAQ has proved to be an invaluable resource.

Among other things, C++0x adds lambda (anonymous functions), type inference, variadic templates, and tuples. Using these, we can write a very simple “memoizer” in the spirit of a Python decorator. Then as an example I use the memoizer to define a memoized Fibonaci function. This code requires a fairly new C++ compiler, I tested it with G++ 4.6 using the --std=c++0x switch.

#include <functional>
#include <iostream>
#include <map>
#include <tuple>

using namespace std;

template<class T>
class Memo {};
template<class RT,class... Args>
class Memo<RT(Args...)> {
  Memo(function<RT(Args...)> f):_f(f),_t() {}
  RT operator()(const Args... args) {
    const tuple<Args...> k{args...};
    auto i=_t.find(k);
    if(i==_t.end()) {
      RT rv=_f(args...);
      return rv;
    } else {
      return i->second;
  function<RT(Args...)> _f;
  map<const tuple<Args...>,RT> _t;

Memo<long long(long long)> fib([](long long x) {
    return 1ll;
    return fib(x-1)+fib(x-2);

int main() {
  cout << fib(90) << endl;
  return 0;
Encrypted Notes

Off and on in my spare time I've been working on a web site where people can securely and anonymously store little bits of data. Personally, I'd like a place I can store some of my less frequently used passwords online, but I don't want to trust this information to other people or companies, so I figured why should they trust me with their equivalent information.

The architecture for the web app is fairly simple: The user inputs a user ID and a password which are then hashed to create both a user hash and a symmetric encryption key. Currently I'm using PBKDF2 with HMAC-SHA-512. The key here is that this is done client-side in the user's web browser in Javascript! Then the user hash is sent to the server to see if an account exists. If so, a the users private key, encrypted with AES-256 using symmetric key generated from their user ID and password is downloaded. If not a new public/private ECDSA key pair is generated, the private key is encrypted with the symmetric key, and then both are uploaded to the server.

Each “note” that a user wants to save is encrypted with their symmetric key and then signed with their private key and then uploaded to the server. The server verifies the signature using the public key on file and if it matches, it stores the note. Each note is given a unique random ID. Given a note ID and an account hash, a note may be retrieved from the server.

All of the cryptography except for verifying the signature is performed client-side in the user's web browser in Javascript. The users remain anonymous since they're only identified by a hash (assuming that HMAC-SHA512-PBKDF2 is secure), and all information stored on the server is secure since it's encrypted by the user before it is uploaded.

Currently all of the cryptography is working (albeit a bit slowly) in Javascript. When I have time, I'm working on finishing implementing the back-end and then it will be ready for beta testing!

Copyright © 2011 William Matthews | Terms and Conditions and Privacy Policy